1 år sedan · c47b1312ad
--- a/src/main/java/com/xjrsoft/common/constant/GlobalConstant.java
+++ b/src/main/java/com/xjrsoft/common/constant/GlobalConstant.java
@@ -59,6 +59,12 @@ public interface GlobalConstant {
 
				      * */

			
 
				     String LOGIN_USER_INFO_KEY = "LOGIN_USER_INFO_KEY";

			
 
				 

			
 
				+    /**

			
 
				+     * @des sa-token 登录人用户类型

			
 
				+     *

			
 
				+     * */

			
 
				+    String LOGIN_USER_TYPE = "LOGIN_USER_TYPE";

			
 
				+

			
 
				     /**

			
 
				      * @des sa-token 登陆人权限Code key

			
 
				      * */

			
@@ -408,6 +414,11 @@ public interface GlobalConstant {
 
				      */

			
 
				     String  DIC_ITEM_CACHE_KEY  = "ALL_DIC_ITEM";

			
 
				 

			
 
				+    /**

			
 
				+     * 学生电信开卡用户

			
 
				+     */

			
 
				+    String WHITE_MANAGEMENT_CACHE_KEY = "ALL_WHITE_MANAGEMENT";

			
 
				+

			
 
				 

			
 
				     /**

			
 
				      * 数据字典详情

			
--- a/src/main/java/com/xjrsoft/common/interceptor/MagicApiWebLoginInterceptor.java
+++ b/src/main/java/com/xjrsoft/common/interceptor/MagicApiWebLoginInterceptor.java
@@ -21,7 +21,6 @@ import javax.servlet.http.HttpServletResponse;
 
				 public class MagicApiWebLoginInterceptor implements HandlerInterceptor {

			
 
				 

			
 
				     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {

			
 
				-

			
 
				         // 根据parameter 判断是否有权限

			
 
				         String parameter = request.getParameter(StpUtil.getTokenName());

			
 
				 

			
@@ -47,8 +46,5 @@ public class MagicApiWebLoginInterceptor implements HandlerInterceptor {
 
				             Object loginIdByToken = StpUtil.getLoginIdByToken(parameter);

			
 
				             return !ObjectUtil.isNull(loginIdByToken);

			
 
				         }

			
 
				-

			
 
				-

			
 
				-

			
 
				     }

			
 
				 }

			
--- a/src/main/java/com/xjrsoft/common/interceptor/RateLimitInterceptor.java
+++ b/src/main/java/com/xjrsoft/common/interceptor/RateLimitInterceptor.java
@@ -0,0 +1,46 @@
 
				+package com.xjrsoft.common.interceptor;
			
 
				+
			
 
				+import cn.dev33.satoken.stp.StpUtil;
			
 
				+import cn.hutool.core.convert.Convert;
			
 
				+import com.xjrsoft.common.constant.GlobalConstant;
			
 
				+import com.xjrsoft.common.enums.RoleEnum;
			
 
				+import com.xjrsoft.common.utils.RedisUtil;
			
 
				+import org.apache.tomcat.jni.Time;
			
 
				+import org.springframework.beans.factory.annotation.Autowired;
			
 
				+import org.springframework.stereotype.Component;
			
 
				+import org.springframework.web.servlet.HandlerInterceptor;
			
 
				+
			
 
				+import javax.servlet.http.HttpServletRequest;
			
 
				+import javax.servlet.http.HttpServletResponse;
			
 
				+import java.util.Map;
			
 
				+
			
 
				+@Component
			
 
				+public class RateLimitInterceptor implements HandlerInterceptor {
			
 
				+
			
 
				+    @Autowired
			
 
				+    private RedisUtil redisUtil;
			
 
				+
			
 
				+    @Override
			
 
				+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
			
 
				+        if (isLimiting()) {
			
 
				+            // 暂停5秒
			
 
				+            Thread.sleep(5000);
			
 
				+            System.out.println("触发限流");
			
 
				+        }
			
 
				+        return true;
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * 是否满足限流条件
			
 
				+     */
			
 
				+    public boolean isLimiting() {
			
 
				+        if (!StpUtil.isLogin()) return false;
			
 
				+        Long userId = StpUtil.getLoginIdAsLong();
			
 
				+        Long userType = Convert.toLong(StpUtil.getTokenSession().get(GlobalConstant.LOGIN_USER_TYPE), 0L);
			
 
				+        if (userType.equals(RoleEnum.STUDENT.getCode())) {
			
 
				+            Map map = redisUtil.get(GlobalConstant.WHITE_MANAGEMENT_CACHE_KEY, Map.class);
			
 
				+            return map.get(userId) == null;
			
 
				+        }
			
 
				+        return false;
			
 
				+    }
			
 
				+}
			
--- a/src/main/java/com/xjrsoft/common/runner/OrganizationCacheRunner.java
+++ b/src/main/java/com/xjrsoft/common/runner/OrganizationCacheRunner.java
@@ -2,20 +2,9 @@ package com.xjrsoft.common.runner;
 
				 

			
 
				 import com.xjrsoft.common.constant.GlobalConstant;

			
 
				 import com.xjrsoft.common.utils.RedisUtil;

			
 
				-import com.xjrsoft.module.organization.entity.Department;

			
 
				-import com.xjrsoft.module.organization.entity.Post;

			
 
				-import com.xjrsoft.module.organization.entity.Role;

			
 
				-import com.xjrsoft.module.organization.entity.User;

			
 
				-import com.xjrsoft.module.organization.entity.UserDeptRelation;

			
 
				-import com.xjrsoft.module.organization.entity.UserPostRelation;

			
 
				-import com.xjrsoft.module.organization.entity.UserRoleRelation;

			
 
				-import com.xjrsoft.module.organization.service.IDepartmentService;

			
 
				-import com.xjrsoft.module.organization.service.IPostService;

			
 
				-import com.xjrsoft.module.organization.service.IRoleService;

			
 
				-import com.xjrsoft.module.organization.service.IUserDeptRelationService;

			
 
				-import com.xjrsoft.module.organization.service.IUserPostRelationService;

			
 
				-import com.xjrsoft.module.organization.service.IUserRoleRelationService;

			
 
				-import com.xjrsoft.module.organization.service.IUserService;

			
 
				+import com.xjrsoft.module.base.service.IWhitelistManagementService;

			
 
				+import com.xjrsoft.module.organization.entity.*;

			
 
				+import com.xjrsoft.module.organization.service.*;

			
 
				 import lombok.AllArgsConstructor;

			
 
				 import lombok.extern.slf4j.Slf4j;

			
 
				 import org.springframework.boot.CommandLineRunner;

			
@@ -50,6 +39,8 @@ public class OrganizationCacheRunner implements CommandLineRunner {
 
				 

			
 
				     private IUserPostRelationService userPostRelationService;

			
 
				 

			
 
				+    private IWhitelistManagementService whitelistManagementService;

			
 
				+

			
 
				     @Override

			
 
				     public void run(String... args) {

			
 
				         loadUserCache();

			
@@ -59,6 +50,8 @@ public class OrganizationCacheRunner implements CommandLineRunner {
 
				         loadUserRoleRelationCache();

			
 
				         loadUserDepartmentRelationCache();

			
 
				         loadUserPostRelationCache();

			
 
				+

			
 
				+        whitelistManagementService.loadCaches();

			
 
				     }

			
 
				 

			
 
				     @Async

			
--- a/src/main/java/com/xjrsoft/common/xss/XssFilter.java
+++ b/src/main/java/com/xjrsoft/common/xss/XssFilter.java
@@ -1,21 +1,18 @@
 
				 

			
 
				 package com.xjrsoft.common.xss;

			
 
				 

			
 
				-import javax.servlet.Filter;

			
 
				-import javax.servlet.FilterChain;

			
 
				-import javax.servlet.FilterConfig;

			
 
				-import javax.servlet.ServletException;

			
 
				-import javax.servlet.ServletRequest;

			
 
				-import javax.servlet.ServletResponse;

			
 
				+import javax.servlet.*;

			
 
				 import javax.servlet.http.HttpServletRequest;

			
 
				 import java.io.IOException;

			
 
				 

			
 
				+

			
 
				 /**

			
 
				  * XSS过滤

			
 
				  *

			
 
				  * @author tzx

			
 
				  */

			
 
				 public class XssFilter implements Filter {

			
 
				+

			
 
				     @Override

			
 
				     public void init(FilterConfig config) {

			
 
				     }

			
@@ -32,4 +29,5 @@ public class XssFilter implements Filter {
 
				     public void destroy() {

			
 
				     }

			
 
				 

			
 
				+

			
 
				 }
			
--- a/src/main/java/com/xjrsoft/config/SaTokenConfig.java
+++ b/src/main/java/com/xjrsoft/config/SaTokenConfig.java
@@ -16,6 +16,7 @@ import com.xjrsoft.common.constant.GlobalConstant;
 
				 import com.xjrsoft.common.enums.ResponseCode;

			
 
				 import com.xjrsoft.common.exception.MyException;

			
 
				 import com.xjrsoft.common.interceptor.MagicApiWebLoginInterceptor;

			
 
				+import com.xjrsoft.common.interceptor.RateLimitInterceptor;

			
 
				 import org.springframework.beans.factory.annotation.Autowired;

			
 
				 import org.springframework.context.annotation.Bean;

			
 
				 import org.springframework.context.annotation.Configuration;

			
@@ -42,10 +43,16 @@ public class SaTokenConfig implements WebMvcConfigurer {
 
				     public void addInterceptors(InterceptorRegistry registry) {

			
 
				         // 注册MagicApi登录判断拦截器

			
 
				         registry.addInterceptor(new MagicApiWebLoginInterceptor()).addPathPatterns(magicApiConfig.getWeb() + "/**");

			
 
				+        // 注册拦截器

			
 
				+        registry.addInterceptor(getRateLimitInterceptor()).addPathPatterns("/**");

			
 
				         //satoken 注解鉴权拦截器

			
 
				 //        registry.addInterceptor(new SaAnnotationInterceptor()).addPathPatterns("/**");

			
 
				     }

			
 
				 

			
 
				+    @Bean

			
 
				+    public RateLimitInterceptor getRateLimitInterceptor(){

			
 
				+        return new RateLimitInterceptor();

			
 
				+    }

			
 
				 

			
 
				     /**

			
 
				      * 注册 [Sa-Token全局过滤器]

			
--- a/src/main/java/com/xjrsoft/module/base/service/IWhitelistManagementService.java
+++ b/src/main/java/com/xjrsoft/module/base/service/IWhitelistManagementService.java
@@ -1,15 +1,13 @@
 
				 package com.xjrsoft.module.base.service;

			
 
				 

			
 
				 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;

			
 
				-import com.baomidou.mybatisplus.extension.service.IService;

			
 
				 import com.github.yulichang.base.MPJBaseService;

			
 
				 import com.xjrsoft.module.base.dto.WhitelistManagementPageDto;

			
 
				 import com.xjrsoft.module.base.entity.TreeNode;

			
 
				 import com.xjrsoft.module.base.entity.WhitelistManagement;

			
 
				 import com.xjrsoft.module.base.vo.WhitelistManagementPageVo;

			
 
				-import lombok.Data;

			
 
				+

			
 
				 import java.util.List;

			
 
				-import java.util.Objects;

			
 
				 

			
 
				 /**

			
 
				 * @title: 白名单管理

			
@@ -32,4 +30,9 @@ public interface IWhitelistManagementService extends MPJBaseService<WhitelistMan
 
				     boolean checkExist(String credentialNumber);

			
 
				 

			
 
				     List<TreeNode> getTreeStructure();

			
 
				+

			
 
				+    /**

			
 
				+     * 所有学生电信开卡用户缓存

			
 
				+     */

			
 
				+    void loadCaches();

			
 
				 }

			
--- a/src/main/java/com/xjrsoft/module/base/service/impl/WhitelistManagementServiceImpl.java
+++ b/src/main/java/com/xjrsoft/module/base/service/impl/WhitelistManagementServiceImpl.java
@@ -1,7 +1,10 @@
 
				 package com.xjrsoft.module.base.service.impl;

			
 
				 

			
 
				+import com.baomidou.mybatisplus.core.toolkit.Wrappers;

			
 
				 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;

			
 
				 import com.github.yulichang.base.MPJBaseServiceImpl;

			
 
				+import com.xjrsoft.common.constant.GlobalConstant;

			
 
				+import com.xjrsoft.common.utils.RedisUtil;

			
 
				 import com.xjrsoft.module.base.dto.WhitelistManagementPageDto;

			
 
				 import com.xjrsoft.module.base.entity.TreeNode;

			
 
				 import com.xjrsoft.module.base.entity.WhiteBaseClass;

			
@@ -11,11 +14,14 @@ import com.xjrsoft.module.base.mapper.WhitelistManagementMapper;
 
				 import com.xjrsoft.module.base.service.IWhitelistManagementService;

			
 
				 import com.xjrsoft.module.base.vo.WhitelistManagementPageVo;

			
 
				 import lombok.AllArgsConstructor;

			
 
				-import lombok.Data;

			
 
				+import lombok.extern.slf4j.Slf4j;

			
 
				+import org.springframework.scheduling.annotation.Async;

			
 
				 import org.springframework.stereotype.Service;

			
 
				 

			
 
				 import java.util.ArrayList;

			
 
				 import java.util.List;

			
 
				+import java.util.Map;

			
 
				+import java.util.stream.Collectors;

			
 
				 

			
 
				 /**

			
 
				 * @title: 白名单管理

			
@@ -23,11 +29,14 @@ import java.util.List;
 
				 * @Date: 2024-06-24

			
 
				 * @Version 1.0

			
 
				 */

			
 
				+@Slf4j

			
 
				 @Service

			
 
				 @AllArgsConstructor

			
 
				 public class WhitelistManagementServiceImpl extends MPJBaseServiceImpl<WhitelistManagementMapper, WhitelistManagement> implements IWhitelistManagementService {

			
 
				     private final WhitelistManagementMapper whitelistManagementMapper;

			
 
				 

			
 
				+    private RedisUtil redisUtil;

			
 
				+

			
 
				     @Override

			
 
				     public Page<WhitelistManagementPageVo> getPage(Page<Object> objectPage, WhitelistManagementPageDto dto) {

			
 
				         return whitelistManagementMapper.getPage(objectPage, dto);

			
@@ -84,4 +93,16 @@ public class WhitelistManagementServiceImpl extends MPJBaseServiceImpl<Whitelist
 
				 

			
 
				         return treeNodes;

			
 
				     }

			
 
				+

			
 
				+    /**

			
 
				+     * 所有学生电信开卡用户缓存

			
 
				+     */

			
 
				+    @Async

			
 
				+    public void loadCaches() {

			
 
				+        log.info("XJRSOFT: 加载所有学生电信开卡用户缓存开始");

			
 
				+        List<WhitelistManagement> list = whitelistManagementMapper.selectList(Wrappers.<WhitelistManagement>query().lambda().select(WhitelistManagement::getUserId));

			
 
				+        Map<Long, Long> map = list.stream().collect(Collectors.toMap(WhitelistManagement::getUserId, WhitelistManagement::getUserId));

			
 
				+        redisUtil.set(GlobalConstant.WHITE_MANAGEMENT_CACHE_KEY, map);

			
 
				+        log.info("XJRSOFT: 加载所有学生电信开卡用户缓存结束");

			
 
				+    }

			
 
				 }
			
--- a/src/main/java/com/xjrsoft/module/system/service/impl/LoginServiceImpl.java
+++ b/src/main/java/com/xjrsoft/module/system/service/impl/LoginServiceImpl.java
@@ -375,6 +375,9 @@ public class LoginServiceImpl implements ILoginService {
 
				         //根据登录信息  将post  和 department 信息存入用户信息中

			
 
				         tokenSession.set(GlobalConstant.LOGIN_USER_INFO_KEY, loginUser);

			
 
				 

			
 
				+        // 存入用户类型

			
 
				+        tokenSession.set(GlobalConstant.LOGIN_USER_TYPE, result.getUserType());

			
 
				+

			
 
				         result.setToken(StpUtil.getTokenValue());

			
 
				 

			
 
				         // 判断是不是OAuth2